A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# For general security findings, questions, or feedback, please use this contact:
Contact: mailto:security@qualcomm.com

# Qualcomm's Product Security team can be more directly engaged here:
Contact: mailto:product-security@qualcomm.com
Encryption: https://www.qualcomm.com/media/documents/files/product-security-public-key-download.txt
Acknowledgments: https://www.qualcomm.com/company/product-security/bulletins
Policy: https://www.qualcomm.com/company/product-security/report-a-bug

Expires: Tue, 1 Nov 2022 00:00 -0700